- From: Robin Wilton <wilton@isoc.org>
- Date: Tue, 15 Oct 2013 10:42:54 +0200
- To: Christine Runnegar <runnegar@isoc.org>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-Id: <1C6FE4AD-6258-4F5B-A4FF-FEFB9E42A8BE@isoc.org>
There is also this report, in the Washington Post, about using the "User Agent" string in a browser as a modifiable means of fingerprinting the user... http://apps.washingtonpost.com/g/page/world/gchq-report-on-mullenize-program-to-stain-anonymous-electronic-traffic/502/ NB - it's also worth bearing in mind that, by adding privacy-enhancing plug-ins to my browser and setting various privacy-specific options, I have essentially made my browser fingerprint pretty much unique. To get a better impression of what factors can make a browser identifiable, have a look at the EFF's browser fingerprint check, here: https://panopticlick.eff.org R Robin Wilton Technical Outreach Director - Identity and Privacy Internet Society email: wilton@isoc.org Phone: +44 705 005 2931 Twitter: @futureidentity On 13 Oct 2013, at 23:44, Christine Runnegar wrote: > Hello all. > > This may be of interest, particularly with respect to our work on developing privacy guidance regarding browser fingerprinting: > > http://www.kuleuven.be/english/news/several-top-websites-use-device-fingerprinting-to-secretly-track-users > > "A new study by KU Leuven-iMinds researchers has uncovered that 145 of the Internet’s 10,000 top websites track users without their knowledge or consent. The websites use hidden scripts to extract a device fingerprint from users’ browsers. Device fingerprinting circumvents legal restrictions imposed on the use of cookies and ignores the Do Not Track HTTP header. The findings suggest that secret tracking is more widespread than previously thought. > > …. > > The researchers identified a total of 16 new providers of device fingerprinting, only one of which had been identified in prior research. In another surprising finding, the researchers found that users are tracked by these device fingerprinting technologies even if they explicitly request not to be tracked by enabling the Do Not Track (DNT) HTTP header. > > The researchers also evaluated Tor Browser and Firegloves, two privacy-enhancing tools offering fingerprinting resistance. New vulnerabilities – some of which give access to users’ identity – were identified. > > Device fingerprinting can be used for various security-related tasks, including fraud detection, protection against account hijacking and anti-bot and anti-scraping services. But it is also being used for analytics and marketing purposes via fingerprinting scripts hidden in advertising banners and web widgets. > > To detect websites using device fingerprinting technologies, the researchers developed a tool called FPDetective. The tool crawls and analyses websites for suspicious scripts. This tool will be freely available at http://homes.esat.kuleuven.be/~gacar/fpdetective/ for other researchers to use and build upon. > > The findings will be presented at the 20th ACM Conference on Computer and Communications Security this November in Berlin."
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Tuesday, 15 October 2013 08:42:50 UTC